Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2022-30632

Uncontrolled Recursion

Published: Aug 10, 2022 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-30632
CWEhttps://cwe.mitre.org/data/definitions/674.html

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

Name Vendor Start Version End Version
Go Golang * 1.17.12 (excluding)
Go Golang 1.18.0 (including) 1.18.4 (excluding)
Application Interconnect 1 for RHEL 8 RedHat skupper-cli-0:1.0.2-2.el8 *
Node Maintenance Operator 4.11 for RHEL 8 RedHat workload-availability/node-maintenance-rhel8-operator:v4.11.1-1 *
OADP-1.1-RHEL-8 RedHat oadp/oadp-velero-rhel8:1.1.1-20 *
OpenShift Custom Metrics Autoscaler 2 RedHat custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8:2.8.2-143 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/client-kn-rhel8:1.3.1-4 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/ingress-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/knative-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/kourier-control-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serverless-operator-bundle:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serverless-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-activator-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-controller-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-queue-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-webhook-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2 *
Openshift Serverless 1 on RHEL 8 RedHat openshift-serverless-clients-0:1.3.1-4.el8 *
OSE-OSC-1.3-RHEL-8 RedHat openshift-sandboxed-containers/osc-monitor-rhel8:1.3.1-5 *
OSE-OSC-1.3-RHEL-8 RedHat openshift-sandboxed-containers/osc-must-gather-rhel8:1.3.1-6 *
OSE-OSC-1.3-RHEL-8 RedHat openshift-sandboxed-containers/osc-operator-bundle:1.3.1-10 *
OSE-OSC-1.3-RHEL-8 RedHat openshift-sandboxed-containers/osc-rhel8-operator:1.3.1-5 *
OSSO-1.1-RHEL-8 RedHat openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-11 *
Red Hat Ceph Storage 6.1 RedHat rhceph/rhceph-6-dashboard-rhel9:6-75 *
Red Hat Developer Tools RedHat go-toolset-1.17-golang-0:1.17.12-1.el7_9 *
Red Hat Enterprise Linux 8 RedHat go-toolset:rhel8-8060020220720230014.97d7f71f *
Red Hat Enterprise Linux 8 RedHat git-lfs-0:2.13.3-3.el8_6 *
Red Hat Enterprise Linux 8 RedHat grafana-0:7.5.15-3.el8 *
Red Hat Enterprise Linux 8 RedHat container-tools:3.0-8070020220802115906.39077419 *
Red Hat Enterprise Linux 8 RedHat grafana-pcp-0:3.2.0-2.el8 *
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8080020230321153727.0f77c1b7 *
Red Hat Enterprise Linux 8 RedHat container-tools:4.0-8080020230217080101.8108cfbc *
Red Hat Enterprise Linux 9 RedHat golang-0:1.17.12-1.el9_0 *
Red Hat Enterprise Linux 9 RedHat grafana-0:7.5.15-3.el9 *
Red Hat Enterprise Linux 9 RedHat toolbox-0:0.0.99.3-5.el9 *
Red Hat Enterprise Linux 9 RedHat grafana-pcp-0:3.2.0-3.el9 *
Red Hat Enterprise Linux 9 RedHat git-lfs-0:3.2.0-1.el9 *
Red Hat Enterprise Linux 9 RedHat runc-4:1.1.12-2.el9 *
Red Hat Migration Toolkit for Containers 1.7 RedHat rhmtc/openshift-velero-plugin-rhel8:v1.7.6-5 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/istio-cni-rhel8:2.2.2-7 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/istio-rhel8-operator:2.2.2-8 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/pilot-rhel8:2.2.2-7 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/prometheus-rhel8:2.2.2-4 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/proxyv2-rhel8:2.2.2-8 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/ratelimit-rhel8:2.2.2-4 *
Red Hat OpenStack Platform 16.1 RedHat etcd-0:3.3.23-12.el8ost *
Red Hat OpenStack Platform 16.2 RedHat etcd-0:3.3.23-12.el8ost *
RHEL-7-CNV-4.12 RedHat kubevirt-0:4.12.0-1057.el7 *
RHEL-8-CNV-4.12 RedHat kubevirt-0:4.12.0-1057.el8 *
RHEL-8-CNV-4.12 RedHat container-native-virtualization/virt-api:v4.12.0-255 *
STF-1.5-RHEL-8 RedHat stf/sg-core-rhel8:5.1.1-2 *
Golang-1.13 Ubuntu bionic *
Golang-1.13 Ubuntu esm-apps/bionic *
Golang-1.13 Ubuntu esm-apps/jammy *
Golang-1.13 Ubuntu esm-apps/xenial *
Golang-1.13 Ubuntu esm-infra/focal *
Golang-1.13 Ubuntu focal *
Golang-1.13 Ubuntu jammy *
Golang-1.13 Ubuntu trusty *
Golang-1.13 Ubuntu xenial *
Golang-1.16 Ubuntu bionic *
Golang-1.16 Ubuntu esm-apps/bionic *
Golang-1.16 Ubuntu esm-apps/focal *
Golang-1.16 Ubuntu focal *
Golang-1.16 Ubuntu trusty *
Golang-1.16 Ubuntu xenial *
Golang-1.18 Ubuntu bionic *
Golang-1.18 Ubuntu focal *
Golang-1.18 Ubuntu jammy *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use